Showing papers on "Information privacy published in 2022"

What Does it Mean for a Language Model to Preserve Privacy?

Abstract: Natural language reflects our private lives and identities, making its privacy concerns as broad as those of real life. Language models lack the ability to understand the context and sensitivity of text, and tend to memorize phrases present in their training sets. An adversary can exploit this tendency to extract training data. Depending on the nature of the content and the context in which this data was collected, this could violate expectations of privacy. Thus, there is a growing interest in techniques for training language models that preserve privacy. In this paper, we discuss the mismatch between the narrow assumptions made by popular data protection techniques (data sanitization and differential privacy), and the broadness of natural language and of privacy as a social norm. We argue that existing protection methods cannot guarantee a generic and meaningful notion of privacy for language models. We conclude that language models should be trained on text data which was explicitly produced for public use.

A Numerical Splitting and Adaptive Privacy Budget Allocation Based LDP Mechanism for Privacy Preservation in Blockchain-Powered IoT

Abstract: Blockchain has gradually attracted widespread attention from the research community of the IoT, due to its decentralization, consistency, and other attributes. It builds a secure and robust system by generating a backup locally for each participant node to collectively maintain the network. However, this feature brings some privacy concerns since all nodes can access the chain data, users' sensitive information under risk of leakage. The local differential privacy (LDP) mechanism can be a promising way to address this issue as it implements data perturbation before uploading to the chain. While traditional LDP mechanisms cannot fit well with blockchain since the requirements of a fixed input range, large data volume, and using the same privacy budget, which are practically difficult in a decentralized environment. To overcome these problems, we propose a novel LDP mechanism to split input numerical data and implement perturbation by digital bits, which does not require a fixed input range and large data volume. In addition, we use an iteration approach to adaptively allocate the privacy budget for different perturbation procedures that minimize the total deviation of perturbed data and increase the data utility. We employ mean estimation as the statistical utility metric under the same and randomized privacy budgets to evaluate the performance of our novel LDP mechanism. The experiment results indicate that the proposed LDP mechanism performs better in different scenarios, and our adaptive privacy budget allocation model can significantly reduce the deviation of perturbation function to provide high data utility while maintaining privacy.

Privacy Threat and Defense for Federated Learning With Non-i.i.d. Data in AIoT

Abstract: Under the needs of processing huge amounts of data, providing high-quality service, and protecting user privacy in artificial intelligence of things (AIoT), federated learning (FL) has been treated as a promising technique to facilitate distributed learning with privacy protection. Although the importance of developing privacy-preserving FL has attracted a lot of attentions, the existing research only focuses on FL with independent identically distributed (i.i.d.) data and lacks study of non-i.i.d. scenario. What is worse, the assumption of i.i.d. data is impractical, reducing the performance of privacy protection in real applications. In this article, we carry out an innovative exploration of privacy protection in FL with non-i.i.d. data. First, a thorough analysis on privacy leakage in FL is conducted with proving the performance upper bound of privacy inference attack. Based on our analysis, a novel algorithm, 2DP-FL, is designed to achieve differential privacy by adding noise during training local models and when distributing global model. Especially, our 2DP-FL algorithm has a flexibility of noise addition to meet various needs and has a convergence upper bound. Finally, the real-data experiments can validate the results of our the oretical analysis and the advantages of 2DP-FL in privacy protection, learning convergence, and model accuracy.

Preserving Privacy of Smart Meter Data in a Smart Grid Environment

Abstract: The use of data from residential smart meters can help in the management and control of distribution grids. This provides significant benefits to electricity retailers as well as distribution system operators but raises important questions related to the privacy of consumers' information. In this article, an innovative differential privacy (DP) compliant algorithm is developed to ensure that the data from consumer's smart meters are protected. The effects of this novel algorithm on the operation of the distribution grid are thoroughly investigated not only from a consumer's electricity bill point of view but also from a power systems point of view. This method allows for an empirical investigation into the losses, power quality issues, and extra costs that such a privacy-preserving mechanism may introduce to the system. In addition, severalcost allocation mechanisms based on the cooperative game theory are used to ensure that the extra costs are divided among the participants in a fair, efficient, and equitable manner. Overall, the comprehensive results show that the approach provides privacy preservation in line with the consumer's preferences and does not lead to significant cost or loss increases for the energy retailer. In addition, the novel algorithm is computationally efficient and performs very well with a large number of consumers, thus demonstrating its scalability.

Security and Privacy-Enhanced Federated Learning for Anomaly Detection in IoT Infrastructures

Abstract: Internet of Things (IoT) anomaly detection is significant due to its fundamental roles of securing modern critical infrastructures, such as falsified data injection detection and transmission line faults diagnostic in smart grids. Researchers have proposed various detection methods fostered by machine learning (ML) techniques. Federated learning (FL), as a promising distributed ML paradigm, has been employed recently to improve detection performance due to its advantages of privacy-preserving and lower latency. However, existing FL-based methods still suffer from efficiency, robustness, and security challenges. To address these problems, in this article, we initially introduce a blockchain-empowered decentralized and asynchronous FL framework for anomaly detection in IoT systems, which ensures data integrity and prevents single-point failure while improving the efficiency. Further, we design an improved differentially private FL based on generative adversarial nets, aiming to optimize data utility throughout the training process. To the best of our knowledge, it is the first system to employ a decentralized FL approach with privacy-preserving for IoT anomaly detection. Simulation results on the real-world dataset demonstrate the superior performance from aspects of robustness, accuracy, and fast convergence while maintaining high level of privacy and security protection.

Ensuring Privacy of Data and Mined Results of Data Possessor in Collaborative ARM

Abstract: The usage of the data mining (DM) technique has rapidly increased in the recent era. Most organizations utilize DM for forecasting their goals and for predicting various possibilities of solutions to their problems. DM provides various favors to our society; it also has some downsides like a risk to privacy and data security in collaborative mining. Privacy cracks occur eventually in the communication of data and aggregation of data. In the recent era, various approaches and methods for data privacy were obtained to achieve privacy of individual’s data and collaborative DM results, but yield into loss of information and undesirable effect on the utility of data; as a result, DM success is downgraded. In this paper, we proposed an effectual approach—Fisher–Yates shuffle algorithm for privacy-preserving (PP) association rule mining (ARM). With our approach, medical supervision can steadily discover a global verdict model through their local verdict models without the aid of cloud, and the perceptive medical data of each medical supervision is well protected. Hence, association among some delicate diseases like coronavirus and its symptoms, treatment, and remedy helps in foreseeing the disease in the beginning time. Our target is to conclude association rules in a dispersed environment with reasonably reduced communication time and computation costs, preserves the privacy of participants, and gives precise results.

A Privacy-Enhanced Retrieval Technology for the Cloud-Assisted Internet of Things

Abstract: In the cloud-assisted Internet of things (IoT), most of the data are sent to the cloud for storage and processing. Data privacy and security are extreme concerns since retrieving data from the cloud will yield privacy disclosure risk due to the cloud’s openness. To this end, this article proposes PERT, a privacy-enhanced retrieval technology for cloud-assisted IoT. This architecture is designed through an implicit index maintained by edge servers and a hierarchical retrieval model that preserves data privacy by hiding the information of data transmission between the cloud and the edge servers. For the hierarchical retrieval model, we designed a data partition strategy. The edge server stores partial data. In this way, data privacy is preserved since the attacker must get the data maintained by both cloud and edge servers. The detailed performance analysis and extensive experiments have displayed the effectiveness of the technology for data privacy. It is tested that the architecture can efficiently and securely retrieve the stored data while the computation cost is reduced through operation downsizing. Compared with the benchmark cloud encrypted storage model, the time cost of this method is significantly reduced when the number of users is relatively large.

Efficient and Secure Outsourcing of Differentially Private Data Publishing With Multiple Evaluators

Abstract: Since big data becomes a main impetus to the next generation of IT industry, data privacy has received considerable attention in recent years. To deal with the privacy challenges, differential privacy has been widely discussed and related private mechanisms are proposed as privacy-enhancing techniques. However, with today’s differential privacy techniques, it is difficult to generate a sanitized dataset that can suit every machine learning task. In order to adapt to various tasks and budgets, different kinds of privacy mechanisms have to be implemented, which inevitably incur enormous costs for computation and interaction. To this end, in this article, we propose two novel schemes for outsourcing differential privacy. The first scheme efficiently achieves outsourcing differential privacy by using our preprocessing method and secure building blocks. To support the queries from multiple evaluators, we give the second scheme that employs a trusted execution environment to aggregately implement privacy mechanisms on multiple queries. During data publishing, our proposed schemes allow providers to go off-line after uploading their datasets, so that they achieve a low communication cost which is one of the critical requirements for a practical system. Finally, we report an experimental evaluation on UCI datasets, which confirms the effectiveness of our schemes.

Sustainability of Healthcare Data Analysis IoT-Based Systems Using Deep Federated Learning

Abstract: Due to recent privacy trends and the increase in data breaches in various industries, it has become imperative to adopt new technologies that support data privacy, maintain accuracy, and ensure sustainability at the same time. The healthcare industry is one of the most vulnerable sectors to cyberattacks and data breaches as health data are highly sensitive and distributed in nature. The use of IoT devices with machine learning models to monitor the health status has made the challenge more acute, as it increases the distribution of health data and adds a decentralized structure to healthcare systems. A new privacy-preserving technology, namely, federated learning (FL), is promising for such a challenge as implementing solutions that integrate FL with deep learning, for healthcare applications that rely on IoT, provides several benefits by mainly preserving data privacy, building robust and high accuracy models, and dealing with the decentralized structure, thus achieving sustainability. This article proposes a deep FL (DFL) framework for healthcare data monitoring and analysis using IoT devices. Moreover, it proposes an FL algorithm that addresses the local training data acquisition process. Furthermore, it presents an experiment to detect skin diseases using the proposed framework. The extensive results collected show that the DFL models can preserve data privacy without sharing it, maintain the decentralized structure of the system made by IoT devices, improve the area under the curve (AUC) of the model to reach 97%, and reduce the operational costs (OC) for service providers.

Privacy Threat and Defense for Federated Learning With Non-i.i.d. Data in AIoT

Abstract: Under the needs of processing huge amounts of data, providing high-quality service, and protecting user privacy in artificial intelligence of things (AIoT), federated learning (FL) has been treated as a promising technique to facilitate distributed learning with privacy protection. Although the importance of developing privacy-preserving FL has attracted a lot of attentions, the existing research only focuses on FL with independent identically distributed (i.i.d.) data and lacks study of non-i.i.d. scenario. What is worse, the assumption of i.i.d. data is impractical, reducing the performance of privacy protection in real applications. In this article, we carry out an innovative exploration of privacy protection in FL with non-i.i.d. data. First, a thorough analysis on privacy leakage in FL is conducted with proving the performance upper bound of privacy inference attack. Based on our analysis, a novel algorithm, 2DP-FL, is designed to achieve differential privacy by adding noise during training local models and when distributing global model. Especially, our 2DP-FL algorithm has a flexibility of noise addition to meet various needs and has a convergence upper bound. Finally, the real-data experiments can validate the results of our the oretical analysis and the advantages of 2DP-FL in privacy protection, learning convergence, and model accuracy.

The Dynamic Privacy-Preserving Mechanisms for Online Dynamic Social Networks

Abstract: Networks that constantly transmit information and change structure are becoming increasingly prevalent. However, traditional privacy models are designed to protect static information, such as records in a database or a person’s profile information, which seldom changes. This conflict between static models and dynamic environments is dramatically hindering the effectiveness and efficiency of privacy preservation in today’s dynamic world. Hence, in this paper, we formally define the concept of dynamic privacy, present two novel perspectives, privacy propagation and accumulation, on the way private information can spread through dynamic cyberspace, and develop associated theories and mechanisms for preserving privacy in advanced complex networks, such as social networking sites where data are constantly being released, shared, and exchanged.

Preserving Privacy of Smart Meter Data in a Smart Grid Environment

Abstract: The use of data from residential smart meters can help in the management and control of distribution grids. This provides significant benefits to electricity retailers as well as distribution system operators but raises important questions related to the privacy of consumers' information. In this article, an innovative differential privacy (DP) compliant algorithm is developed to ensure that the data from consumer's smart meters are protected. The effects of this novel algorithm on the operation of the distribution grid are thoroughly investigated not only from a consumer's electricity bill point of view but also from a power systems point of view. This method allows for an empirical investigation into the losses, power quality issues, and extra costs that such a privacy-preserving mechanism may introduce to the system. In addition, severalcost allocation mechanisms based on the cooperative game theory are used to ensure that the extra costs are divided among the participants in a fair, efficient, and equitable manner. Overall, the comprehensive results show that the approach provides privacy preservation in line with the consumer's preferences and does not lead to significant cost or loss increases for the energy retailer. In addition, the novel algorithm is computationally efficient and performs very well with a large number of consumers, thus demonstrating its scalability.

Sociotechnical safeguards for genomic data privacy

Abstract: Recent developments in a variety of sectors, including health care, research and the direct-to-consumer industry, have led to a dramatic increase in the amount of genomic data that are collected, used and shared. This state of affairs raises new and challenging concerns for personal privacy, both legally and technically. This Review appraises existing and emerging threats to genomic data privacy and discusses how well current legal frameworks and technical safeguards mitigate these concerns. It concludes with a discussion of remaining and emerging challenges and illustrates possible solutions that can balance protecting privacy and realizing the benefits that result from the sharing of genetic information.

Cybersecurity, Data Privacy and Blockchain: A Review

Abstract: In this paper, we identify and review key challenges to bridge the knowledge-gap between SME's, companies, organisations, businesses, government institutions and the general public in adopting, promoting and utilising Blockchain technology. The challenges indicated are Cybersecurity and Data privacy in this instance. Additional challenges are set out supported by literature, in researching data security management systems and legal frameworks to ascertaining the types and varieties of valid encryption, data acquisition, policy and outcomes under ISO 27001 and the General Data Protection Regulations. Blockchain, a revolutionary method of storage and immutability, provides a robust storage strategy, and when coupled with a Smart Contract, gives users the ability to form partnerships, share information and consent via a legally-based system of carrying out business transactions in a secure digital domain. Globally, ethical and legal challenges significantly differ; consent and trust in the public and private sectors in deploying such defensive data management strategies, is directly related to the accountability and transparency systems in place to deliver certainty and justice. Therefore, investment and research in these areas is crucial to establishing a dialogue between nations to include health, finance and market strategies that should encompass all levels of society. A framework is proposed with elements to include Big Data, Machine Learning and Visualisation methods and techniques. Through the literature we identify a system necessary in carrying out experiments to detect, capture, process and store data. This includes isolating packet data to inform levels of Cybersecurity and privacy-related activities, and ensuring transparency demonstrated in a secure, smart and effective manner.

Homomorphic Encryption and Federated Learning based Privacy-Preserving CNN Training: COVID-19 Detection Use-Case

Abstract: Medical data is often highly sensitive in terms of data privacy and security concerns. Federated learning, one type of machine learning techniques, has been started to use for the improvement of the privacy and security of medical data. In the federated learning, the training data is distributed across multiple machines, and the learning process is performed in a collaborative manner. There are several privacy attacks on deep learning (DL) models to get the sensitive information by attackers. Therefore, the DL model itself should be protected from the adversarial attack, especially for applications using medical data. One of the solutions for this problem is homomorphic encryption-based model protection from the adversary collaborator. This paper proposes a privacy-preserving federated learning algorithm for medical data using homomorphic encryption. The proposed algorithm uses a secure multi-party computation protocol to protect the deep learning model from the adversaries. In this study, the proposed algorithm using a real-world medical dataset is evaluated in terms of the model performance.

NIST Privacy Framework: A Tool for Improving Privacy Through Enterprise Risk Management, Version 1.0

Abstract:

A federated graph neural network framework for privacy-preserving personalization

Abstract: Graph neural network (GNN) is effective in modeling high-order interactions and has been widely used in various personalized applications such as recommendation. However, mainstream personalization methods rely on centralized GNN learning on global graphs, which have considerable privacy risks due to the privacy-sensitive nature of user data. Here, we present a federated GNN framework named FedPerGNN for both effective and privacy-preserving personalization. Through a privacy-preserving model update method, we can collaboratively train GNN models based on decentralized graphs inferred from local data. To further exploit graph information beyond local interactions, we introduce a privacy-preserving graph expansion protocol to incorporate high-order information under privacy protection. Experimental results on six datasets for personalization in different scenarios show that FedPerGNN achieves 4.0% ~ 9.6% lower errors than the state-of-the-art federated personalization methods under good privacy protection. FedPerGNN provides a promising direction to mining decentralized graph data in a privacy-preserving manner for responsible and intelligent personalization.

Understanding Challenges for Developers to Create Accurate Privacy Nutrition Labels

Abstract: Apple announced the introduction of app privacy details to their App Store in December 2020, marking the first ever real-world, large-scale deployment of the privacy nutrition label concept, which had been introduced by researchers over a decade earlier. The Apple labels are created by app developers, who self-report their app’s data practices. In this paper, we present the first study examining the usability and understandability of Apple’s privacy nutrition label creation process from the developer’s perspective. By observing and interviewing 12 iOS app developers about how they created the privacy label for a real-world app that they developed, we identified common challenges for correctly and efficiently creating privacy labels. We discuss design implications both for improving Apple’s privacy label design and for future deployment of other standardized privacy notices.

Sociotechnical safeguards for genomic data privacy

Abstract: Recent developments in a variety of sectors, including health care, research and the direct-to-consumer industry, have led to a dramatic increase in the amount of genomic data that are collected, used and shared. This state of affairs raises new and challenging concerns for personal privacy, both legally and technically. This Review appraises existing and emerging threats to genomic data privacy and discusses how well current legal frameworks and technical safeguards mitigate these concerns. It concludes with a discussion of remaining and emerging challenges and illustrates possible solutions that can balance protecting privacy and realizing the benefits that result from the sharing of genetic information.

Checking Only When It Is Necessary: Enabling Integrity Auditing Based on the Keyword With Sensitive Information Privacy for Encrypted Cloud Data

Abstract: The public cloud data integrity auditing technique is used to check the integrity of cloud data through the Third Party Auditor (TPA). In order to make it more practical, we propose a new paradigm called integrity auditing based on the keyword with sensitive information privacy for encrypted cloud data. This paradigm is designed for one of the most common scenario, that is, the user concerns the integrity of a portion of encrypted cloud files that contain his/her interested keywords. In our proposed scheme, the TPA who is only provided with the encrypted keyword, can audit the integrity of all encrypted cloud files that contain the user’s interested keyword. Meanwhile, the TPA cannot deduce the sensitive information about which files contain the keyword and how many files contain this keyword. These salient features are realized by leveraging a newly proposed Relation Authentication Label (RAL). The RAL can not only authenticate the relation that files contain the queried keyword, but also be used to generate the auditing proof without sensitive information exposure. We give concrete security analysis showing that the proposed scheme satisfies correctness, auditing soundness and sensitive information privacy. We also conduct the detailed experiments to show the efficiency of our scheme.

Class-Imbalance Privacy-Preserving Federated Learning for Decentralized Fault Diagnosis With Biometric Authentication

Abstract: Privacy protection as a major concern of the industrial big data enabling entities makes the massive safety-critical operation data of a wind turbine unable to exert its great value because of the threat of privacy leakage. How to improve the diagnostic accuracy of decentralized machines without data transfer remains an open issue; especially these machines are almost accompanied by skewed class distribution in the real industries. In this study, a class-imbalanced privacy-preserving federated learning framework for the fault diagnosis of a decentralized wind turbine is proposed. Specifically, a biometric authentication technique is first employed to ensure that only legitimate entities can access private data and defend against malicious attacks. Then, the federated learning with two privacy-enhancing techniques enables high potential privacy and security in low-trust systems. Then, a solely gradient-based self-monitor scheme is integrated to acknowledge the global imbalance information for class-imbalanced fault diagnosis. We leverage a real-world industrial wind turbine dataset to verify the effectiveness of the proposed framework. By comparison with five state-of-the-art approaches and two nonparametric tests, the superiority of the proposed framework in imbalanced classification is ascertained. An ablation study indicates that the proposed framework can maintain high diagnostic performance while enhancing privacy protection.

Privacy and Robustness in Federated Learning: Attacks and Defenses.

Abstract: As data are increasingly being stored in different silos and societies becoming more aware of data privacy issues, the traditional centralized training of artificial intelligence (AI) models is facing efficiency and privacy challenges. Recently, federated learning (FL) has emerged as an alternative solution and continues to thrive in this new reality. Existing FL protocol designs have been shown to be vulnerable to adversaries within or outside of the system, compromising data privacy and system robustness. Besides training powerful global models, it is of paramount importance to design FL systems that have privacy guarantees and are resistant to different types of adversaries. In this article, we conduct a comprehensive survey on privacy and robustness in FL over the past five years. Through a concise introduction to the concept of FL and a unique taxonomy covering: 1) threat models; 2) privacy attacks and defenses; and 3) poisoning attacks and defenses, we provide an accessible review of this important topic. We highlight the intuitions, key techniques, and fundamental assumptions adopted by various attacks and defenses. Finally, we discuss promising future research directions toward robust and privacy-preserving FL, and their interplays with the multidisciplinary goals of FL.

Cybersecurity, Data Privacy and Blockchain: A Review

Abstract: In this paper, we identify and review key challenges to bridge the knowledge-gap between SME's, companies, organisations, businesses, government institutions and the general public in adopting, promoting and utilising Blockchain technology. The challenges indicated are Cybersecurity and Data privacy in this instance. Additional challenges are set out supported by literature, in researching data security management systems and legal frameworks to ascertaining the types and varieties of valid encryption, data acquisition, policy and outcomes under ISO 27001 and the General Data Protection Regulations. Blockchain, a revolutionary method of storage and immutability, provides a robust storage strategy, and when coupled with a Smart Contract, gives users the ability to form partnerships, share information and consent via a legally-based system of carrying out business transactions in a secure digital domain. Globally, ethical and legal challenges significantly differ; consent and trust in the public and private sectors in deploying such defensive data management strategies, is directly related to the accountability and transparency systems in place to deliver certainty and justice. Therefore, investment and research in these areas is crucial to establishing a dialogue between nations to include health, finance and market strategies that should encompass all levels of society. A framework is proposed with elements to include Big Data, Machine Learning and Visualisation methods and techniques. Through the literature we identify a system necessary in carrying out experiments to detect, capture, process and store data. This includes isolating packet data to inform levels of Cybersecurity and privacy-related activities, and ensuring transparency demonstrated in a secure, smart and effective manner.

How to protect privacy in a datafied society? A presentation of multiple legal and conceptual approaches

Abstract: The United Nations confirmed that privacy remains a human right in the digital age, but our daily digital experiences and seemingly ever-increasing amounts of data suggest that privacy is a mundane, distributed and technologically mediated concept. This article explores privacy by mapping out different legal and conceptual approaches to privacy protection in the context of datafication. It provides an essential starting point to explore the entwinement of technological, ethical and regulatory dynamics. It clarifies why each of the presented approaches emphasises particular aspects and analyses the tensions that arise. The resulting overview provides insight into the main strengths and limitations of the different approaches arising from specific traditions. This analytic overview therefore serves as a key resource to analyse the usefulness of the approaches in the context of the increasing datafication of both private and public spheres. Specifically, we contrast the approach focusing on data subjects whose data are being 'protected' with others, including Fair Information Practice Principles, the German right to 'informational self-determination', and the South American 'habeas data' doctrine. We also present and contrast emerging approaches to privacy (differential privacy, contextual integrity, group privacy) and discuss their intersection with datafication. In conclusion, we put forth that rather than aiming for one single solution that works worldwide and across all situations, it is essential to identify synergies and stumbling blocks between the various regulatory settings and newly emerging approaches.